Home > LISP & VXLAN Questions

LISP & VXLAN Questions

February 2nd, 2021 in ENCOR 350-401 Go to comments

Note: If you are not sure about LISP or VXLAN, please read our LISP Tutorial and VXLAN tutorial.

Question 1

Explanation

An Egress Tunnel Router (ETR) connects a site to the LISP-capable part of a core network (such as the Internet), publishes EID-to-RLOC mappings for the site, responds to Map-Request messages, and decapsulates and delivers LISP-encapsulated user data to end systems at the site.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

Question 2

Explanation

Proxy ingress tunnel router (PITR): A PITR is an infrastructure LISP network entity that receives packets from non-LISP sites and encapsulates the packets to LISP sites or natively forwards them to non-LISP sites.

Reference: https://www.ciscopress.com/articles/article.asp?p=2992605

Note: The proxy egress tunnel router (PETR) allows the communication from the LISP sites to the non-LISP sites. The PETR receives LISP encapsulated traffic from ITR.

Question 3

Explanation

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)—assigned to end hosts.
+ Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

Question 4

Explanation

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs) – assigned to end hosts.
+ Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

Question 5

Explanation

802.1Q VLAN identifier space is only 12 bits. The VXLAN identifier space is 24 bits. This doubling in size allows the VXLAN ID space to support 16 million Layer 2 segments -> Answer B is not correct.

VXLAN is a MAC-in-UDP encapsulation method that is used in order to extend a Layer 2 or Layer 3 overlay network over a Layer 3 infrastructure that already exists.

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/vlan/212682-virtual-extensible-lan-and-ethernet-virt.html

Question 6

Explanation

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)—assigned to end hosts.
+ Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

Question 7

Explanation

VTEPs connect between Overlay and Underlay network and they are responsible for encapsulating frame into VXLAN packets to send across IP network (Underlay) then decapsulating when the packets leaves the VXLAN tunnel.

VXLAN_VTEP.jpg

Question 8

Question 9

Explanation

In this question we suppose that we only need to send packets from LISP site to non-LISP site successfully. We don’t care about the way back (if we care about the way back then all PETR, PITR, MS & MR are needed).

Proxy Egress Tunnel Router (PETR): A LISP device that de-encapsulates packets from LISP sites to deliver them to non-LISP sites.

LISP_PxTR.jpg

When the xTR in LISP Site 1 want to sends traffic to Non-LISP site, the ITR (not PETR) needs a Map Resolver (MR) to send Map Request to. When the ITR (the xTR in LISP Site 1 in the figure above) receives negative MAP-Reply packet from MR, it caches that prefix and map it to the PETR.

Good reference: https://netmindblog.com/2019/12/04/lisp-locator-id-separation-protocol-part-ii-pxtr/

Question 10

Explanation

Locator ID Separation Protocol (LISP) solves this issue by separating the location and identity of a device through the Routing locator (RLOC) and Endpoint identifier (EID):

+ Endpoint identifiers (EIDs) – assigned to end hosts.
+ Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.

Question 11

Explanation

VXLAN uses an 8-byte VXLAN header that consists of a 24-bit VNID and a few reserved bits. The VXLAN header together with the original Ethernet frame goes in the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_chapter_010.html

Let’s see the structure of a VXLAN packet to understand how (note: VNI = VNID)

VXLAN_Packet_Structure.jpg

The key fields for the VXLAN packet in each of the protocol headers are:

+ Outer MAC header (14 bytes with 4 bytes optional) – Contains the MAC address of the source VTEP and the MAC address of the next-hop router. Each router along the packet’s path rewrites this header so that the source address is the router’s MAC address and the destination address is the next-hop router’s MAC address.

+ Outer IP header (20 bytes)- Contains the IP addresses of the source and destination VTEPs.
+ (Outer) UDP header (8 bytes)- Contains source and destination UDP ports:
– Source UDP port: The VXLAN protocol repurposes this standard field in a UDP packet header. Instead of using this field for the source UDP port, the protocol uses it as a numeric identifier for the particular flow between VTEPs. The VXLAN standard does not define how this number is derived, but the source VTEP usually calculates it from a hash of some combination of fields from the inner Layer 2 packet and the Layer 3 or Layer 4 headers of the original frame.
– Destination UDP port: The VXLAN UDP port. The Internet Assigned Numbers Authority (IANA) allocates port 4789 to VXLAN.

+ VXLAN header (8 bytes)- Contains the 24-bit VNI (or VNID)
+ Original Ethernet/L2 Frame – Contains the original Layer 2 Ethernet frame.

Comments
  1. Anonymous
    May 29th, 2020

    No Premium Member: You can test your knowledge with these questions first via this link (via Flash) or this link (via HTML). To test for this section!

  2. Micky
    July 7th, 2020

    I Think D (MAP RESOLVER) is a better answer. The cloud facing interface on R1 and R2 all other router in the cloud are considered RLOC by definition. MR respond with the mapping that leads ITR (R1) to forward traffic to ETR (R2).

  3. !nk
    July 10th, 2020

    According to RFC 6833, The LISP Mapping Service defines two new types of LISP-speaking
    devices: the Map-Resolver, which accepts Map-Requests from an Ingress
    Tunnel Router (ITR) and “resolves” the EID-to-RLOC mapping using a
    mapping database; and the Map-Server, which learns authoritative
    EID-to-RLOC mappings from an Egress Tunnel Router (ETR) and publishes
    them in a database.
    The answer should be MapServer(B).

  4. !nk
    July 10th, 2020

    Okay, after further reading the answer is A. The Map Server responds with the mappings on behalf of the ETR b/c a ‘proxy map reply flag’ is set. By default, the ETR sends(publishes) the EID-to-RLOC mappings to ITR. See “LISP Data Path” in ENCOR350-401 Official Cert Guide(p470).

  5. GZ
    July 22nd, 2020

    Q2:
    Non-LISP site <——— PETR PITR ———-> LISP site

  6. GZ
    July 22nd, 2020

    ITR means ingress (going inside LISP network)
    Proxy is used when communication between Non-LISP and LISP sites
    Non-LISP site ——-> PITR ——–> LISP site

  7. Anonymous
    November 15th, 2020

    @digitaltut what is the correct answer in Q1? Here it says A but in flash is B?

  8. digitaltutq
    November 15th, 2020

    @Anonymous: The correct answer is A. ETR.

  9. DigitalTUT is the best
    December 30th, 2020

    wasted $200 on impartial and totally inaccurate dumps from other sites. Last I checked here it was not any material for ENCOR. Now it’s flush with good stuff. Well worth premium! I have been a CCNP for almost 15 years and just needed a good refresher for the academics.

  10. hesham
    February 19th, 2021

    which answar is true
    Which statement about VXLAN is true?
    A. VXLAN uses TCP 35 the transport protocol over the physical data center network
    B. VXLAN extends the Layer 2 Segment ID field to 24-bits, which allows up to 4094 unique Layer 2 segments over the same network
    C. VXLAN encapsulates a Layer 2 frame in an IP-UDP header, which allows Layer 2 adjacency across router boundaries
    D. VXLAN uses the Spanning Tree Protocol for loop prevention

  11. cert
    March 30th, 2021

    Q9 …Which two LISP infrastructure elements are needed to support LISP to non -LISP internetworking

    ADMIN… the more correct answer to me seems PXTR and PITR… because these are the two devices responsible for comm between non lisp to lisp …..if you want to select MR then there is also a logic to select MS as well…..

    Can you please have a look again ??????

    Really not a good and clear question … Hate cisco for these cheap tricks ….

  12. ldnl
    April 20th, 2021

    Map Server (MS) is a network device (typically a router) that learns EID-to-prefix mapping entries from an ETR and stores them in a local EID-to-RLOC mapping database.

    Answer to Q1 should be MS not ETR.

  13. ldnl
    April 22nd, 2021

    I think PITR and PETR should be the answer for Q9 as they are responsible for communication to non-LISP sites. I checked OCG and your reference as well.

  14. RM
    April 27th, 2021

    Q11.

    Could it be that the correct answer is C VTEP.

    It is correct that the VNID is the header to be able to do the isolation, but I would say the VTEP is responsible for the isolation with the help of the VNID.

  1. No trackbacks yet.